Local Cloud Triumphs Over Digital Sovereignty Challenge: How Cloud Strategies Are Changing in Europe

The cloud is no longer just a matter of cost or performance. In a time of geopolitical tension, with new data protection regulations and more vigilant governments, where data is stored and who controls the infrastructure has become a strategic decision. And this plays in favor of local and sovereign cloud providers, especially in Europe.

A recent Gartner survey of 241 CIOs and IT managers in Western Europe shows that 61% plan to increase their dependence on local or regional cloud providers due to geopolitical reasons. At the same time, the consultancy forecasts that by 2030, more than 75% of companies outside the U.S. will have a digital sovereignty strategy to support their cloud plans.

The message is clear: the era of “everything in the global cloud” is giving way to a more nuanced model, where local, regional, and global clouds coexist, and where digital sovereignty is no longer an obstacle to innovation but one of its core pillars.

What is digital sovereignty (and why does it matter now)

Digital sovereignty refers to a country, region, or company’s ability to control its data, processes, and the technology it relies on. In practice, it touches on sensitive issues such as:

• Where data is stored (country, region, type of data center).
• Under which legal jurisdiction it falls (e.g., European regulations versus non-EU legislation).
• Which providers can operate or access the data, and under what circumstances.

In recent years, factors like geopolitical tensions, the war in Ukraine, the US Cloud Act, and technological sanctions have prompted many organizations in Europe to ask what would happen if part of their critical infrastructure relied excessively on a single global provider.

This is compounded by the wave of European regulations: GDPR, NIS2, DORA, sector-specific rules for healthcare, energy, or finance, and draft laws targeting AI and industrial data. All these push CIOs to seek greater control and traceability, which local clouds can provide more easily: data centers within the country, legal support aligned with the European environment, and governance models designed “from the inside out.”

The European CIOs’ “local shift”

Gartner’s study reflects this mindset shift. Besides the 61% who say that geopolitics will lead them to rely more on local or regional providers, 53% believe that geopolitical factors will restrict the use of large global providers in the future.

This isn’t about breaking with hyperscalers, but better distributing risk:

• Highly regulated workloads or those with sensitive data tend to return to local clouds, company-owned data centers, or regional providers with specific agreements.
• Services requiring massive scale — such as training generative AI models — usually remain on global clouds but are integrated with local platforms for daily use and data governance.

In Spain and Western Europe, this translates into a visible growth of local cloud providers: from established platforms like OVHcloud or Arsys, to sovereign cloud projects led by telecom operators and public-private partnerships. Meanwhile, hyperscalers like AWS, Microsoft, and Google are opening new regions and local zones in European countries to meet these demands.

Geo-patriation: moving workloads “back home”

Gartner highlights an emerging phenomenon called “geo-patriation”: the deliberate transfer of workloads from global clouds to local alternatives to comply with sovereignty requirements or reduce geopolitical exposure.

It’s not about severing ties with major providers, but approaching it more subtly:

• Keeping in global clouds those workloads that require massive scale or advanced, specific services.
• Rehosting in local clouds those that demand clear jurisdiction, low local latency, or fine-grained controls over access.

According to Gartner, less-advanced adopters of cloud are in a beneficial position: with more legacy systems and less cloud debt, they can better plan their sovereignty strategy, carefully choosing which parts of their operations to migrate and to what cloud type.

Open source’s role: flexibility and less “vendor lock-in”

Another striking finding is that 55% of CIOs and IT leaders in Western Europe see open source as a key factor in their future cloud strategy.

This is no coincidence. Open technologies:

• Allow customization and adaptation of infrastructure to local or sector-specific requirements.
• Promote interoperability among different clouds (e.g., Kubernetes, OpenStack, open source databases).
• Reduce the risk of vendor lock-in, especially as regulatory and geopolitical contexts change rapidly.

Many European local cloud providers build their platforms on open source stacks and align with programs like GAIA-X or similar initiatives, striving for a balance between sovereignty, openness, and innovation.

Local cloud in Spain: from “alternative” to strategic option

Spain is no stranger to this trend. In recent years, there’s been a boom in data center construction and cloud regions around hubs like Madrid, with large hyperscalers and, in parallel, European and domestic providers offering:

• Data centers located within Spain, with design elements aimed at local regulatory compliance.
• Cloud services—public, private, managed—combined with low-latency networks and direct links to operators.
• Models where local partners—integrators, consulting firms, MSPs—play a central role in tailoring solutions for specific sectors (healthcare, government, industry, banking, etc.).

For many Spanish organizations, moving part of their infrastructure to a local provider isn’t ideological; it’s about fine-tuning:

• Gaining legal and operational proximity.
• Maintaining access to hyperscaler capabilities via interconnections, managed services, or hybrid models.
• Better aligning architecture with sectoral sovereignty requirements, from health data to financial information.

Challenges of the local model: true independence takes time

Gartner itself warns that true independence from major global vendors won’t happen overnight. While geo-patriation offers opportunities, it requires:

• Sustained investment by local providers in infrastructure, resilience, and high-value services.
• Ecosystems of partners and skilled talent capable of operating and developing on these platforms.
• Technical and commercial agreements that maintain interoperability with global technologies without causing vendor lock-in.

Additionally, heavy reliance on open source introduces new challenges: many projects are complex, require active contribution, and demand fine coordination among components. For internal teams, the question isn’t just “what software to use,” but how to maintain and govern it over the long term.

What CIOs should do from now on

The core recommendation from Gartner’s analysis is that CIOs take control of their digital destiny. No cloud provider or integrator will safeguard a company’s sovereignty if it isn’t defined beforehand.

Some action points:

1. Map data and workloads by sensitivity and legal requirements. Identify what can go in any global cloud, what must stay within the EU, and what may never leave the country.
2. Design a hybrid multi-cloud architecture by principle, not by accident. Expect that both global and local providers will be involved, and that interoperability is key.
3. Consider local and sovereign cloud providers as part of the core strategy, not just as fallback options for certain public projects.
4. Use open source as a flexibility lever, with a clear lifecycle approach (who maintains, who contributes, what support exists).
5. Establish a clear digital sovereignty policy, covering data storage, processing, and transfer across jurisdictions.

Conclusion: local cloud is no longer the “small sibling”

The move towards local and sovereign clouds doesn’t mean hyperscalers will lose prominence. Rather, it indicates a new distribution of roles:

• Global providers will continue to be essential for scale, advanced AI services, massive analytics, and worldwide reach.
• Local and regional providers will grow stronger where jurisdiction, proximity, and sector-specific compliance matter most.

Between these extremes, any company that can build a well-designed hybrid cloud, with digital sovereignty as a core architecture principle rather than a late-stage hurdle, will have a clear advantage: more innovation, less fear of regulatory or geopolitical shocks.

Frequently Asked Questions

What exactly is a local or sovereign cloud provider?
It’s a cloud services provider whose core infrastructure is in the same country or region as the customer and that offers specific guarantees regarding jurisdiction, data residency, and regulatory compliance. A sovereign cloud usually also adds enhanced legal controls and agreements to prevent data exposure to external legislations.

How does using a global hyperscaler differ from a local cloud in terms of digital sovereignty?
Hyperscalers provide global scale and extensive service catalogs, but may be subject to foreign laws and operate data centers worldwide. Local clouds allow better control over data storage and processing locations, simplify compliance, and mitigate some geopolitical risks, at the cost of offering fewer advanced services or scale.

What role does open source software play in sovereign cloud strategies?
Open source facilitates customization, interoperability, and dependency reduction. Many sovereign clouds rely on open technologies (Kubernetes, OpenStack, open source databases) to enable integration with other providers and avoid proprietary lock-in. The trade-off is the need for technical expertise and a solid support and maintenance strategy.

What steps can a Spanish company take to start its digital sovereignty strategy in the cloud?
At minimum:

1. Inventory data and workloads and classify them by criticality and legal requirements.
2. Evaluate local and global cloud providers, analyzing where data will reside.
3. Design a hybrid architecture that allows secure movement of workloads between clouds.
4. Define an internal digital sovereignty policy (acceptable jurisdictions, encryption standards, access controls).
5. Periodically review the strategy as regulations and geopolitical contexts evolve.

Sources

• Gartner — Gartner Survey Reveals Geopolitics Will Drive 61% of CIOs and IT Leaders in Western Europe to Increase Reliance on Local Cloud Providers (Barcelona, November 2025).